I think we are ready to move forward with this.  Please supply an
updated patch ready for application.  Thanks.


Martijn van Oosterhout wrote:
-- Start of PGP signed section.
> This patch does the following:
> - Provide GnuTLS support beside OpenSSL in both the frontend and
>   backend. Which is used is decided by the configure options
>   --with-openssl and --with-gnutls. They are mutually exclusive.
> - When psql starts up the message has been altered to include details
>   about the library. For example either of:
> SSL connection established: GnuTLS (version 1.0.16), encryption 
> SSL connection established: OpenSSL (version OpenSSL 0.9.7e 25 Oct 2004), 
> encryption DHE-RSA-AES256-SHA
> - psql is now SSL library agnostic. It can display the above info
>   whether or not the SSL library was available at compile time. All
>   that matters is what the libpq library was compiled against.
> - Provides a new function in libpq called PQgettlsinfo(). This returns
>   a resultset containing the most useful details of the SSL connection,
>   if any.
> - A new command has been added to psql, \ssl, which displays all the
>   information available via PQgettlsinfo().
> - Provides a new function in libpq called PQsetPassthrough(). Once this
>   function has been called on an idle connection, its state changes to
>   CONNECTION_PASSTHROUGH. The usual query functions PQsend*, PQexec*,
>   PQconsumeinput and others are blocked. All further communication must
>   be by the user via the send/receive functions given. The only way to
>   undo this is via PQreset or PQfinish.
> Backward compatability issues:
> - Applications using libpq to establish the connection and then 
>   reading/writing the socket directly may have unexpected results if
>   the client is compiled against GnuTLS. The prior versions of libpq
>   provided no way of identifying the SSL library is use. However, they
>   will *not* crash.
>   These applications have two options. They can use the new
>   PQgettlsinfo() to determine which library libpq is using. They can
>   then elect to disable SSL support via the sslmode option to avoid the
>   issue.  Alternately, they can use the new PQsetPassthough() function
>   to retreive the necessary information to communicate directly.
>   In the latter case, the application does not need to check the
>   library in use, libpq will work transparently for all possibilities.
> Documentation will be provided assuming the above is considered
> satisfactory for inclusion without major changes.
> The attached diff does not include the diff of "configure" because I'm
> evidently running a different version and result was 200KB of useless
> stuff. The full patch is available here:
> http://svana.org/kleptog/temp/gnutls.patch
> Just running autoconf on the local machine should also work.
> Have a nice day,
> -- 
> Martijn van Oosterhout   <kleptog@svana.org>   http://svana.org/kleptog/
> > From each according to his ability. To each according to his ability to 
> > litigate.

[ Attachment, skipping... ]
-- End of PGP section, PGP failed!

  Bruce Momjian   http://candle.pha.pa.us
  EnterpriseDB    http://www.enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +

---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend

Reply via email to